Replying to lain

PLEROMA ADMINS READ THIS, AKKOMA TOO

Another important pleroma security post: nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 and nostr:npub108zt8c43ulvdwnax2txurhhr07wdprl0msf608udz9rvpd5l68ascvdkr5 found ANOTHER injection bug, and this one was probably used for the attack. I think that single user instances are probably not affected, but I wouldn't want to risk it. Move your media and proxy to a subdomain as alex initially recommended, it's not complicated and takes 15 minutes, and eliminates this whole class of bugs.

Fix is being worked on, but just do the media/proxy thing now so you'll never have to worry about this again.

https://webb.spiderden.org/2023/05/26/pleroma-mitigation/

alain duo is back, baby
